I have a PIX 501, 50 user license, for my home LAN which consists of approximately 20 computers.
I have been reading different books on the PIX and most of them show a router and then the PIX and then the internal network.
Would there be any advantage to a home user system such as the type that I have in adding a router to the mix before the firewall? The PIX 501 is the first Cisco product that I have ever used and was just curious.
It's very unlikely that anyone can connect a PIX directly to the internet. The router is shown only because the internet connection from the ISP connects to one interface of the router and the PIX will be connected to another interface (usually Fast Eth). If you have a DSL modem connected to the internet, you can connect the LAN side of that modem to the PIX external interface.
In your case you won't need to add a router as long as you already have an internet connection from the ISP terminating at some device such as a modem/router.
Yes, you are correct. I currently have the following setup:
Cable Modem -> PIX 501 -> Switch -> Internal LAN
I think that where I was going was if I placed a router between the CM and the PIX 501 would there be anything gained as far as additional protection features that the router may offer or does the PIX 501 offer all that I need for the home setup that I currently have?
In some designs people would place a router before the firewall to act as a "choke" router with a rather generic ACL before hitting the firewall, for things you know you would never want to hit you, e.g. countries you would never go to and that are known to have common attacks from, known spammers' IP ranges, etc. Though this could be placed at the firewall with no issues, it would distribute the load on the processing and add another layer for someone to go through to get to you. It could also make the PIX ACL a little more readable.
Another reason would be to build a DMZ off of the router rather than the PIX, for whatever reason. In a home network, I would think more along the lines of testing, etc.